by randomacct3847 2689 days ago
I’m most worried about the rise of Fintech apps enabled by APIs like Plaid. The media seems more worried about 10-year-old Facebook likes being sold than a perpetual real-time feed of bank transaction data ending up in the wrong hands or in the hands of a nefarious developer.

For the record, I’m highly critical of Plaid and hope the tech media catches on soon. They do not require developers to communicate which permissions they are asking for when onboarding new customers (I don’t even think that is an option even if developers wanted to) and there’s no central UI for an end customer to review permissions you’ve granted across developers and revoke them. I don’t think they have any requirements to encrypt this data on the developer side and have no idea how they audit developers to make sure they are using various endpoints without violation of their developer terms.

3 comments

I worked on card transaction data (from Mastercard) in streaming 5 years ago. It's as shitty and invasive as a group of soulless bank BI can make it. Their detachment from the human damage they were creating and the way they basked in their own smartness was scary and disgusting.

> a perpetual real time feed of bank transaction data.

Jeez, that does sound terrifying. I mean I guess that's already here in my credit cards' databases, but at least (in the USA) I have some legal protections.

Like what? Dollars to doughnuts, Facebook already has your purchase data from your card company.

Great point. I had a service like this set up that had a couple of my accounts - I forgot about it. Just turned it off.

Yes, this is by far my greatest criticism of how bank APIs work today. I have no idea what third-party developers might still have access to one or more accounts that I might’ve set up years ago and forgot about.